NSA ‘monitored North Korean networks’ since 2010

by Jeremy Kirk20 Jan 2015January 20, 2015

The U.S. National Security Agency has had a secret foothold for years in North Korea’s networks and saw signs of the Sony Pictures Entertainment attack but only in retrospect grasped its reach and depth, The New York Times has reported.

The spy agency has worked for at least four years to infiltrate networks inside North Korea and those in China and Malaysia favoured by the country’s hackers, the newspaper said, citing former U.S. and foreign officials and a newly disclosed NSA document published by Der Spiegel.

The revelation explains why the U.S. quickly blamed North Korea for the attacks despite widespread skepticism from the computer security community, which said only circumstantial evidence pointed to the country’s involvement.

The hackers were “incredibly careful, and patient,” the NYT reported, citing a person who had been briefed on the investigation.

The Sony attack stole terabytes of sensitive documents, including a salary spreadsheet for 6,000 employees, internal emails, pre-release copies of films and vast amounts of personnel data. It also broke thousands of the organisation’s computers by using a destructive type of malicious software that wipes files.

A group calling itself the Guardians of Peace claimed responsibility for the attacks, releasing the data piecemeal on file-sharing sites and reaching out directly to journalists with links to the material.

It initially appeared the group wanted to blackmail Sony. Only later did the North Korean connection emerge in part due to Sony Pictures’ plan to release “The Interview,” a comedy centred on an absurd campaign by two Americans to assassinate North Korean leader Kim Jong Un.

After the U.S. blamed North Korea in mid-December, it was silent on what evidence led to the conclusion. On 2nd January, President Barack Obama authorised sanctions against North Korea, adding to those in place for years against the secretive nation.

It’s the second time the U.S. has directly blamed another country for cyberattacks. In the first legal action of its kind in May 2014, federal prosecutors charged five members of the Chinese Army with stealing trade secrets from U.S. organisations over eight years. China denied the accusations.

FBI Director James Comey offered more clues for the Sony attacks on 7th January, saying the hackers failed to to mask their IP addresses. That revealed some emails from the hackers to Sony employees came from Internet connections used by the North.

The NSA saw spear phishing emails sent to Sony in early September, but the attacks did not look unusual, the NYT reported. Phishing emails typically try to get people to open malicious attachments that can install malware or reveal login credentials for attacks.

Only later did the NSA figure out that North Korea had stolen account credentials for a Sony administrator. Investigators now believe the Sony hackers spent more than two months inside Sony’s network, mapping its systems, identifying critical files and planning to destroy computers, the NYT reported.

Originally published on IDG News Service (Sydney Bureau).
Click here to read the original story.
Reprinted with permission from IDG.net. Story copyright 2017 International Data Group. All rights reserved.

GET TAHAWUL TECH IN YOUR INBOX

The free newsletter covering the top industry headlines

Tahawul Tech is the definitive platform in the Middle East for IT content. Covering stories across enterprise technology, cybersecurity and the region’s IT channel industry, Tahawul Tech brings business leaders and technology decision makers together to share their stories of transformation.